I’m trying to make the following change as part of hardening my system - net.ipv4.conf.all.forwarding = 0. I have made the change to 99-sysctl.conf and run sysctl -p before rebooting, but this is the only kernel change that gets lost at reboot. I suspect that another conf file must presumably take precedence over the change. I would appreciate your help, please.
Thank you in advance for your help.
sudo sysctl -a --system
Shows you the files involved for the config.
Did you check that?
IPv4 forwarding appears to be enabled dynamically by different services:
- libvirtd when it activates virtual networks.
- NetworkManager when using multiple connections.
So, disabling this reliably requires disabling or replacing the mentioned services.
Basically, it is better not to place custom changes into 99-sysctl.conf.
It is just a symlink to the default sysctl.conf that might be overwritten from time to time.
ls -ahl /etc/sysctl.d/99-sysctl.conf
lrwxrwxrwx. 1 root root 14 4. Nov 15:40 /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf
To make changes more persistent, create a new file in /etc/sysctl.d/.
It should end with .conf and, besides that, its precedence is in alphabetical order.
So putting a number in front helps to determine the precedence, from “low to high”.
You can create a new file, like
sudo touch /etc/sysctl.d/98-networking.conf
Then use an editor of your choice to fill in your settings.
You don’t need the -p option before rebooting; it just prints out a given file.
To load your config files during runtime, execute
sudo sysctl --system
They are also applied automatically at each boot.
Because not every child process may recognise the new settings, it might be advisable to reboot.
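As an added example (not code from the thread), the helper below emulates how `sysctl --system` resolves a key across a sysctl.d-style directory, so you can audit which .conf file ends up winning; it assumes a single directory and dotted key names, and the files it creates are constructed in a temp dir.

```shell
#!/bin/sh
# Added example, not from the thread above: a small audit helper that resolves
# which *.conf file in a sysctl.d-style directory ends up setting a given key.
# Like `sysctl --system`, files are read in lexicographic order and the last
# assignment wins ("low to high" precedence). Assumptions: a single directory
# is modelled, and keys are written with dots (net.ipv4...), not slashes.

# resolve_sysctl_key DIR KEY
#   prints "VALUE FILENAME" for the winning assignment, or nothing if unset.
resolve_sysctl_key() {
    dir=$1
    # escape the dots so the key is matched literally by sed
    pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
    value='' file=''
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue                      # glob matched nothing
        # drop comments, then capture the value of the last "key = value" line
        v=$(sed -e 's/[#;].*//' "$f" \
            | sed -n "s/^[[:space:]]*$pattern[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
            | tail -n 1)
        if [ -n "$v" ]; then value=$v; file=$(basename "$f"); fi
    done
    [ -n "$file" ] && printf '%s %s\n' "$value" "$file"
    return 0
}

# demo_precedence MODE builds a constructed sysctl.d tree in a temp dir.
#   MODE=clash : 99-sysctl.conf also sets the key (it wins, being sorted last)
#   MODE=clean : only 98-networking.conf sets it
demo_precedence() {
    d=$(mktemp -d)
    printf 'net.ipv4.conf.all.forwarding = 0\n' > "$d/98-networking.conf"
    printf '# default file\nkernel.sysrq = 0\n' > "$d/99-sysctl.conf"
    if [ "$1" = clash ]; then
        printf 'net.ipv4.conf.all.forwarding=1 # re-enabled\n' >> "$d/99-sysctl.conf"
    fi
    printf 'net.ipv4.conf.all.forwarding = 0\n' > "$d/notes.txt"   # ignored: not .conf
    resolve_sysctl_key "$d" net.ipv4.conf.all.forwarding
    rm -rf "$d"
}

demo_precedence clash   # prints: 1 99-sysctl.conf
demo_precedence clean   # prints: 0 98-networking.conf
```

Run it against the real directory with `resolve_sysctl_key /etc/sysctl.d net.ipv4.conf.all.forwarding` to see which file last sets the key there; services that set the value at runtime (as noted above) will still not show up.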